diff options
| author | Paul Spooren <mail@aparcar.org> | 2019-09-24 12:32:54 -1000 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2019-10-21 14:06:42 +0200 |
| commit | 4a45e69d190f72ed94878487b271ed7651dd9efa (patch) | |
| tree | c68d2c40447add81b5782e77e137cd56ad027066 /config/Config-build.in | |
| parent | f473ce6f231bb9f8913be50e850c771b3463fa14 (diff) | |
| download | upstream-4a45e69d190f72ed94878487b271ed7651dd9efa.tar.gz upstream-4a45e69d190f72ed94878487b271ed7651dd9efa.tar.bz2 upstream-4a45e69d190f72ed94878487b271ed7651dd9efa.zip | |
build: separate signing logic
This separates the options for signature creation and verification
* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys
Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Diffstat (limited to 'config/Config-build.in')
| -rw-r--r-- | config/Config-build.in | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/config/Config-build.in b/config/Config-build.in index 872e5c12ab..c6591708a2 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -37,13 +37,21 @@ menu "Global build settings" - Enabling per-device rootfs support ... + config INSTALL_LOCAL_KEY + bool "Install local usign key into image" + default n + config SIGNED_PACKAGES bool "Cryptographically signed package lists" - default y + default n + + config SIGNED_IMAGES + bool "Cryptographically signed firmware images" + default n config SIGNATURE_CHECK bool "Enable signature checking in opkg" - default SIGNED_PACKAGES + default y comment "General build options" |